0,0 → 1,266 |
Description: Support new OpenSSL 1.1 API |
Use pointers instead of full struct members, and accessor function |
EVP_PKEY_base_id() to get base type instead of comparing several |
possible method IDs. We also need a copy constructor for SignatureInfo. |
TODO: OOM error handling? Complex in C++ constructors. |
Bug: https://bugs.debian.org/828392 |
|
--- a/src/dkimsign.cpp |
+++ b/src/dkimsign.cpp |
@@ -41,20 +41,25 @@ CDKIMSign::CDKIMSign() |
m_EmptyLineCount = 0; |
m_pfnHdrCallback = NULL; |
|
- EVP_SignInit( &m_allman_sha1ctx, EVP_sha1() ); |
- EVP_SignInit( &m_Hdr_ietf_sha1ctx, EVP_sha1() ); |
- EVP_SignInit( &m_Hdr_ietf_sha256ctx, EVP_sha256() ); |
- EVP_DigestInit( &m_Bdy_ietf_sha1ctx, EVP_sha1() ); |
- EVP_DigestInit( &m_Bdy_ietf_sha256ctx, EVP_sha256() ); |
+ m_allman_sha1ctx = EVP_MD_CTX_create(); |
+ EVP_SignInit( m_allman_sha1ctx, EVP_sha1() ); |
+ m_Hdr_ietf_sha1ctx = EVP_MD_CTX_create(); |
+ EVP_SignInit( m_Hdr_ietf_sha1ctx, EVP_sha1() ); |
+ m_Hdr_ietf_sha256ctx = EVP_MD_CTX_create(); |
+ EVP_SignInit( m_Hdr_ietf_sha256ctx, EVP_sha256() ); |
+ m_Bdy_ietf_sha1ctx = EVP_MD_CTX_create(); |
+ EVP_DigestInit( m_Bdy_ietf_sha1ctx, EVP_sha1() ); |
+ m_Bdy_ietf_sha256ctx = EVP_MD_CTX_create(); |
+ EVP_DigestInit( m_Bdy_ietf_sha256ctx, EVP_sha256() ); |
} |
|
CDKIMSign::~CDKIMSign() |
{ |
- EVP_MD_CTX_cleanup( &m_allman_sha1ctx ); |
- EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha1ctx ); |
- EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha256ctx ); |
- EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha1ctx ); |
- EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha256ctx ); |
+ EVP_MD_CTX_destroy( m_allman_sha1ctx ); |
+ EVP_MD_CTX_destroy( m_Hdr_ietf_sha1ctx ); |
+ EVP_MD_CTX_destroy( m_Hdr_ietf_sha256ctx ); |
+ EVP_MD_CTX_destroy( m_Bdy_ietf_sha1ctx ); |
+ EVP_MD_CTX_destroy( m_Bdy_ietf_sha256ctx ); |
} |
|
//////////////////////////////////////////////////////////////////////////////// |
@@ -150,34 +155,34 @@ void CDKIMSign::Hash( const char* szBuff |
{ |
if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) |
{ |
- EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
+ EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
} |
} |
else |
{ |
if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 ) |
{ |
- EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
+ EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
} |
else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 ) |
{ |
if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) |
{ |
- EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
+ EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
} |
if( m_nHash & DKIM_HASH_SHA256 ) |
{ |
if( bHdr ) |
- EVP_SignUpdate( &m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); |
+ EVP_SignUpdate( m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); |
else |
- EVP_DigestUpdate( &m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); |
+ EVP_DigestUpdate( m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); |
} |
if( m_nHash != DKIM_HASH_SHA256 ) |
{ |
if( bHdr ) |
- EVP_SignUpdate( &m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); |
+ EVP_SignUpdate( m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); |
else |
- EVP_DigestUpdate( &m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); |
+ EVP_DigestUpdate( m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); |
} |
} |
} |
@@ -864,7 +869,7 @@ int CDKIMSign::ConstructSignature( char* |
unsigned char Hash[EVP_MAX_MD_SIZE]; |
unsigned int nHashLen = 0; |
|
- EVP_DigestFinal( bUseSha256 ? &m_Bdy_ietf_sha256ctx : &m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); |
+ EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); |
|
bio = BIO_new(BIO_s_mem()); |
if (!bio) { |
@@ -935,11 +940,11 @@ int CDKIMSign::ConstructSignature( char* |
|
if( bUseIetfBodyHash ) |
{ |
- EVP_SignUpdate( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); |
+ EVP_SignUpdate( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); |
} |
else |
{ |
- EVP_SignUpdate( &m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); |
+ EVP_SignUpdate( m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); |
} |
|
bio = BIO_new_mem_buf(szPrivKey, -1); |
@@ -966,11 +971,11 @@ int CDKIMSign::ConstructSignature( char* |
|
if( bUseIetfBodyHash ) |
{ |
- nSignRet = EVP_SignFinal( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); |
+ nSignRet = EVP_SignFinal( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); |
} |
else |
{ |
- nSignRet = EVP_SignFinal( &m_allman_sha1ctx, sig, &siglen, pkey); |
+ nSignRet = EVP_SignFinal( m_allman_sha1ctx, sig, &siglen, pkey); |
} |
|
EVP_PKEY_free(pkey); |
--- a/src/dkimsign.h |
+++ b/src/dkimsign.h |
@@ -60,13 +60,13 @@ protected: |
|
int AssembleReturnedSig( char* szPrivKey ); |
|
- EVP_MD_CTX m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ |
- EVP_MD_CTX m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ |
+ EVP_MD_CTX *m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ |
+ EVP_MD_CTX *m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ |
|
- EVP_MD_CTX m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ |
- EVP_MD_CTX m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ |
+ EVP_MD_CTX *m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ |
+ EVP_MD_CTX *m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ |
|
- EVP_MD_CTX m_allman_sha1ctx; /* the hash for allman sha1 */ |
+ EVP_MD_CTX *m_allman_sha1ctx; /* the hash for allman sha1 */ |
|
int m_Canon; // canonization method |
|
--- a/src/dkimverify.cpp |
+++ b/src/dkimverify.cpp |
@@ -43,8 +43,8 @@ SignatureInfo::SignatureInfo(bool s) |
{ |
VerifiedBodyCount = 0; |
UnverifiedBodyCount = 0; |
- EVP_MD_CTX_init( &m_Hdr_ctx ); |
- EVP_MD_CTX_init( &m_Bdy_ctx ); |
+ m_Hdr_ctx = EVP_MD_CTX_create(); |
+ m_Bdy_ctx = EVP_MD_CTX_create(); |
m_pSelector = NULL; |
Status = DKIM_SUCCESS; |
m_nHash = 0; |
@@ -52,10 +52,25 @@ SignatureInfo::SignatureInfo(bool s) |
m_SaveCanonicalizedData = s; |
} |
|
+SignatureInfo::SignatureInfo(const SignatureInfo& orig) |
+ : VerifiedBodyCount(orig.VerifiedBodyCount), |
+ UnverifiedBodyCount(orig.UnverifiedBodyCount), |
+ m_pSelector(orig.m_pSelector), |
+ Status(orig.Status), |
+ m_nHash(orig.m_nHash), |
+ EmptyLineCount(orig.EmptyLineCount), |
+ m_SaveCanonicalizedData(orig.m_SaveCanonicalizedData) |
+{ |
+ m_Hdr_ctx = EVP_MD_CTX_create(); |
+ EVP_MD_CTX_copy_ex(m_Hdr_ctx, orig.m_Hdr_ctx); |
+ m_Bdy_ctx = EVP_MD_CTX_create(); |
+ EVP_MD_CTX_copy_ex(m_Bdy_ctx, orig.m_Bdy_ctx); |
+} |
+ |
SignatureInfo::~SignatureInfo() |
{ |
- EVP_MD_CTX_cleanup( &m_Hdr_ctx ); |
- EVP_MD_CTX_cleanup( &m_Bdy_ctx ); |
+ EVP_MD_CTX_destroy( m_Hdr_ctx ); |
+ EVP_MD_CTX_destroy( m_Bdy_ctx ); |
} |
|
|
@@ -459,7 +474,7 @@ int CDKIMVerify::GetResults(void) |
unsigned char md[EVP_MAX_MD_SIZE]; |
unsigned len = 0; |
|
- int res = EVP_DigestFinal( &i->m_Bdy_ctx, md, &len); |
+ int res = EVP_DigestFinal( i->m_Bdy_ctx, md, &len); |
|
if (!res || len != i->BodyHashData.length() || memcmp(i->BodyHashData.data(), md, len) != 0) |
{ |
@@ -515,7 +530,7 @@ int CDKIMVerify::GetResults(void) |
|
assert( i->m_pSelector != NULL ); |
|
- int res = EVP_VerifyFinal( &i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); |
+ int res = EVP_VerifyFinal( i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); |
|
if (res == 1) |
{ |
@@ -658,11 +673,11 @@ void SignatureInfo::Hash( const char* sz |
|
if (IsBody && !BodyHashData.empty()) |
{ |
- EVP_DigestUpdate( &m_Bdy_ctx, szBuffer, nBufLength ); |
+ EVP_DigestUpdate( m_Bdy_ctx, szBuffer, nBufLength ); |
} |
else |
{ |
- EVP_VerifyUpdate( &m_Hdr_ctx, szBuffer, nBufLength ); |
+ EVP_VerifyUpdate( m_Hdr_ctx, szBuffer, nBufLength ); |
} |
|
if (m_SaveCanonicalizedData) |
@@ -741,13 +756,13 @@ int CDKIMVerify::ProcessHeaders(void) |
// initialize the hashes |
if (sig.m_nHash == DKIM_HASH_SHA256) |
{ |
- EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha256() ); |
- EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha256() ); |
+ EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha256() ); |
+ EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha256() ); |
} |
else |
{ |
- EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha1() ); |
- EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha1() ); |
+ EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha1() ); |
+ EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha1() ); |
} |
|
// compute the hash of the header |
@@ -1343,7 +1358,7 @@ int SelectorInfo::Parse( char* Buffer ) |
return DKIM_SELECTOR_PUBLIC_KEY_INVALID; |
|
// make sure public key is the correct type (we only support rsa) |
- if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA2) |
+ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) |
{ |
PublicKey = pkey; |
} |
--- a/src/dkimverify.h |
+++ b/src/dkimverify.h |
@@ -61,6 +61,7 @@ class SignatureInfo |
{ |
public: |
SignatureInfo(bool SaveCanonicalizedData); |
+ SignatureInfo(const SignatureInfo& orig); |
~SignatureInfo(); |
|
void Hash( const char* szBuffer, unsigned nBufLength, bool IsBody=false ); |
@@ -83,8 +84,8 @@ public: |
unsigned VerifiedBodyCount; |
unsigned UnverifiedBodyCount; |
|
- EVP_MD_CTX m_Hdr_ctx; |
- EVP_MD_CTX m_Bdy_ctx; |
+ EVP_MD_CTX *m_Hdr_ctx; |
+ EVP_MD_CTX *m_Bdy_ctx; |
SelectorInfo *m_pSelector; |
|
int Status; |